Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

The Register is reporting that a New York woman has become the first person to have her pacemaker wirelessly connected to the internet for full-time monitoring. "The device contains a radio transmitter which connects to receiving equipment in New Yorker Carol Kasyjanski's home, using a very low-power signal around 400MHz, to report on the condition of her heart. Any problems are instantly reported to the doctor, and regular checkups can be done by remotely interrogating the home-based equipment — the pacemaker itself doesn't have an IP address, fun as that would be."

I know you're joking, but this thing is only acting as a data feed to a computer. It has no receiver. It can't be controlled remotely or interacted with at all. The worst that would happen is the computer might crash and stop providing data to the medical center.

Yeah, but if somebody can interfere with the reporting (through the device it transmits to) they could report a normal condition when a the pacemaker is really having a malfunction, or a full battery when it's really bordering on empty. It's a bad bad idea.

Before someone goes "but how is that worse than not having the device":

It's worse for the same reasons why bad security is worse than no security: A false sense of security. Without, you don't know whether the person is fine. When you don't hear from her and you're worried because she was supposed to call or show up, you call and see if she's ok. With the device, you check the device, read that it's fine and trust that reading.

If it's treated like an additional layer of security instead of a substitute, it'

Now that Slashdot knows about it, it's only a matter of time before someone starts trying to hack these things. Countdown: Someone here installs Linux and runs a NES emulator on his own pacemaker in 3....2....

Countdown: Someone here installs Linux and runs a NES emulator on his own pacemaker in 3....2....

It'd give you an extra incentive not to die in the video game if that death was going to be translated into your pacemaker malfunctioning;) Who knew that Bowser [wikipedia.org] has powers in the real world.

Now that Slashdot knows about it, it's only a matter of time before someone starts trying to hack these things. Countdown: Someone here installs Linux and runs a NES emulator on his own pacemaker in 3....2....

Someone reported a while back that Dick Cheney had a bluetooth-enabled pacemaker. It would seem unlikely that nobody would have tried to fuzz that - maybe they're fairly secure these days.

If it was routable, remote management over SSH by the doctor might be useful. The cardiologist could, for example, do a few runs of dd(1) and determine whether you're ready to have sex with your wife, or whether some additional tweaks are first needed.

The downside, of course, is the patient being a Unix user and discovering the localhost interface.

That's assuming that someone sets up a scheduler to actually do these checkups. When my Dad has his pacemaker put in, he was supposed to go back to the hospital every few months to have the data the device was collecting downloaded and the battery checked. He had it for at least a year or two and it was never checked. Someone at the hospital forgot to enter it into a database. He had a checkup with his cardiologist during that time too and the doctor never asked about it.

That's assuming that someone sets up a scheduler to actually do these checkups. When my Dad has his pacemaker put in, he was supposed to go back to the hospital every few months to have the data the device was collecting downloaded...

In this case, it sounds like the patient requires continuous monitoring, like you'd get in the ICU. Note that it's not just connecting to the nearest unlocked router -- there's application-specific equipment at her house. This has got to be a ton cheaper than the ICU (or at l

This is by no means the first "wirelessly-monitored" pacemaker. Pacemakers and ICDs have been linked to home monitoring equipment for several years, and that equipment routinely communicates with a central monitoring station (usually via a modem).

Now, if the pacemaker itself was doing the communicating directly (say over any Wifi or cellular network) that would be pretty amazing. But they point out that the pacemaker doesn't have an IP address, and it's only communicating with equipment in the patient's home. That sounds a lot like existing technology, except perhaps that the final link (home monitoring device -> monitoring station) is being performed via IP rather than a phone line. That's nice, but certainly not very exciting. And why does it require a whole new pacemaker to make this upgrade?

Did you see the bit about it being ON THE INTERNETS? There's the difference! When you put something ON THE INTERNETS it becomes more than just the sum of its parts, it becomes a new, unique, and patentable thing; a technological piece de resistance of intellectual property!

It would be interesting if they put the monitoring equipment in a cell phone, then even though the device has a short range it could be continuously monitored from anywhere not just the house, as long as the lady had her phone with her.

Thousands of 4channers suddenly stop what they were doing and in unison spit out, 'WHAT just got connected to the Internet?' as smiles spreads across their faces.... maybe this isn't such a good idea...

As someone fitted with a pacemaker of late, having means to often update the doc with performance data would be nice - if not downright life-saving.

With current technology, I have to go in for my "tuneup" every six months. It does involve a wireless interface, and there is an impressive amount of data dumped. A great many parameters can be changed with ease by a trained technician. When we determined that my natural resting heartrate was under 60bpm, reprogramming that to a minimum of 50bpm was trivial.

Transmitting ongoing data to the doc would be convenient, making it easy to email "hey, something funny happened today, please look into it" without having to wait until a scheduled appointment involving a not-always-available technician. Being able to transmit critical event as they occur is also very desirable - duh; my Medical Alert necklace may direct medics to call my cardiologist, who would be much more effective if he already had incident data.

Of course the real problem is remote control. Informing the doc of ongoing/critical data is one thing; allowing access to make remote updates is a different issue. Making the unit such that remote changes are impossible is, of course, possible. However, if ANY change will be made to such a critical device, then it should be done IN A DOCTOR'S OFFICE. One of my diagnostic routines is dropping my heart rate to 40bpm - harmless if done right, lethal if screwed up.

Of course the real concern to most/. readers is the LOLFAIL headline. "Hey, watch out for a DDOS on your pacemaker! Ha ha ha!" Nothing wins a lot of reads like a headline making some technical advancement sound really dumb. Funny how so many readers of a high-tech news source treat high-tech advancements like Luddites.

When something impressive comes along, most/. readers are simply quick to point out vulnerabilities, that's all.

Like you said, Remote logging of activity - incredibly useful, right?

Remote control, for example, is simply one of the largest hazards.

It doesn't have an IP address - because its just broadcasting, but that could mean it has an SSID on that particular wave - which means that perhaps anyone can access the data. Is it encrypted? Does it contain personal information?

Hey thanks for the informative post. I broke my arm the week before last. Doctors told me there was a wait for xray because of a computer virus problem. Later they sent me my xrays on CD along with a bunch of DLLs for reading said files. Office style issues seem to be encroaching on systems which were formerly embedded and airgapped...

Article indicates the pacemaker doesn't have an IP address, and only connects via 402-405 MHz radio link.

However, it's nearly inevitable that a later version of it and/or those of another pacemaker manufacturer will have its own IP.

Those with access to a large bot net could easily scan for pacemaker software and then target all or, more likely, a specific person(s) to remotely sabotage their pacemaker, possibly resulting in death...

Most killers won't go to such extremes, since there are numerous easier, less traceable ways of killing. But for people in prison, remote killing has its appeal... in particular, to target judges and prosecutors, who, due to age / stress along with access to top quality medical care, often have pacemakers.

To digress somewhat, there are already numerous horror stories of people's on-line medical records getting mixed up / corrupted due to identity theives who seek care under someone elses name - and to make matters worse, ID victims generally do NOT have the right to see that extraneous data nor have it removed. So I'm highly skeptical of the security of on-line medical devices when even on-line medical records aren't as secure as they should be.

Article indicates the pacemaker doesn't have an IP address, and only connects via 402-405 MHz radio link.

As does the summary...

However, it's nearly inevitable that a later version of it and/or those of another pacemaker manufacturer will have its own IP.

Why? Because it'd be cool to do so?

Those with access to a large bot net could easily scan for pacemaker software and then target all or, more likely, a specific person(s) to remotely sabotage their pacemaker, possibly resulting in death...

Yeah, who knows, maybe someday somebody will design a dumb system with some problems. Let's beat the crowd and start criticising whomever it is ahead of time just in case, shall we?

As for electronic records, don't worry, it appears the US is right on track to stick with the most arcane, inefficient, and not-particularly-effective medical system in the modernized world, so the chances of us making any new types of errors are fairly low! Yay!

However, it's nearly inevitable that a later version [...]will have its own IP.

Currently, cars are mostly used to transport people from one place to another. However it's nearly inevitable that a later version will include heavy particle cannons.

It's madness! Everyone will have heavy particle twin cannons!

Let's discuss the horrifying consecuences of that unavoidable future!

Poll:I'll want the particles in my car's heavy particle twin cannons to be:- Red, they go faster.- Green, go green!- First!, because First! is always the best answer.- I don't have a car. I'll probably die in the he

all/.ers Christian Name starting with an "A" take the 0.5*2^30 upper addresses and...

Thank good they haven't postet the IP on/.

I suppose you don't even need a computer network of brainless bots to DDOS a computer,slashdot + us the faster than light clicking slashdot-crauts would fullfill the task, twice as good as any botnet can do,

btw. "Police: Man blamed child porn on cat"

haha next time he can blame his hacked pacemaker for doing so, it will also be very complicated to confiscate this evidence.

It brings me to my own situation: I recently got a CPAP machine with a smartcard for data storage. Unfortunately the card reader is about 130 dollars online and it requires a proprietary software. If my MD wants to see the data he needs for me to remove the card and send it in.

Wouldn't it be great to have these kinds of home devices just "phone it in"? Real data that my MD can look over at his discretion as well as having a copy of it available to me for my own edification. It could be set up to red flag certain data that, because it could be detected as it happens, could prevent minor issues from becoming major issues. This is the kind of technology that is cheap to employ, automated systems could look for abnormalities and could lead to saving lives as well as curbing the cost of health care by making sure that small issues don't become major issues.

More and more people are doing home monitoring of medical conditions without being able to make sense of all the data. This is a great resource and one I can agree to using stimulus money for to take to the next level.

Why is that fishy? The pacemaker talks to the base station unit, reporting it's status. The only thing connected to the internet is the base station. It doesn't need an IP address any more than a wireless HID does when attached to a computer.

This isn't even very new, really. Devices like this already exist, they just use telephony to literally "phone home" instead of the intarwebernets

The pacemaker is not connected to the internet. The "base station" is and that is what the doctors are remotely checking. The pacemaker is just sending its current state to the "base station". The pacemaker is no more connected to the internet than a wireless keyboard or a pair of bluetooth headphones are.

It's most likely a different brand, but my wife has had a wireless defibrillator / pacemaker implant since last October. It, too, wirelessly connects to a base in the house, which in turn talks to the doctor's office. They can also remotely activate tests and scans. We joke quite often that she's one of the only people we know that has their own wireless access point.
Right before the surgery, the surgeon asked my wife if she had any questions. Her first question?
"Um, this thing isn't running on Windows,

sysadmin dad: son, your grandmother is getting old and she wont be around much longer. you should cherish the times you have with her

son: how do you know?sysadmin dad: i caught her throwing warnings to syslog when i was checking logwatches for the toilet and the fridge today. plus her cacti trend for ping time and load looks horrible.son: will grandma go to heaven?sysadmin dad: depends, I didnt an asset tag on her so chances are the property disposal authorization wont go through and she'll just sit on the shipping receiving dock forever.son: so shes going to be a ghost??sysadmin dad: worse, people dont leave empties on you when your a ghost.